Describe the bug
When the Content-Type of a request to a JWK endpoint is set to application/json, a server that has a JSON threat protection policy applied might reject the request.
The Content-Length of the request is 0 so the Content-Type shouldn't matter. However, such servers are still emitting errors. It is best to just have the code not set a Content-Type header at all for JWK requests.
Describe the bug
When the
Content-Typeof a request to a JWK endpoint is set toapplication/json, a server that has a JSON threat protection policy applied might reject the request.The
Content-Lengthof the request is 0 so theContent-Typeshouldn't matter. However, such servers are still emitting errors. It is best to just have the code not set aContent-Typeheader at all for JWK requests.